First-generation Software Composition Analysis (SCA) tools produce excessive noise. CVSS scores alone are an inadequate measure of enterprise risk and should not be the primary prioritization metric. In this discussion, Deepfactor’s Founder & CEO, Kiran Kamity, and Director of Product Engineering, Vikas Wadhvani, lay out a blueprint for SCA 2.0: six signals that shape the next generation of SCA, with the emphasis on true risk and on remediation effort.
Topics include:
- Addressing alert fatigue in existing Software Composition Analysis tools (SCA 1.0)
- The SCA 2.0 framework for alleviating alert fatigue: six signals for prioritizing SCA alerts, namely reachability, runtime usage, exploitability, topology, applicability, and severity.
- Deepfactor’s solution: Runtime SCA
- Test application examples
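As an added illustration of the six-signal prioritization the talk describes (example code written for this page, not Deepfactor's product or scoring model), the script below scores a set of SCA findings by gating on applicability and scaling the CVSS severity by reachability, runtime usage, exploitability, and topology. The multipliers, the triage thresholds, and the sample findings are assumed values; the finding identifiers and package names are placeholders, not real advisories. It shows how a CVSS 9.8 finding in an unreachable, never-loaded dependency drops to the backlog, while a CVSS 7.5 finding that is reachable, exercised at runtime, exploited in the wild, and exposed to an untrusted network goes to the top.

```python
# Added example: ranking SCA findings by six contextual signals rather than by
# CVSS alone. Weights, thresholds and sample findings are constructed for
# illustration and are not Deepfactor's scoring model.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str             # placeholder id, not a real CVE number
    package: str
    cvss: float            # severity: CVSS base score, 0-10
    reachable: bool        # vulnerable code path reachable from the app's own code
    used_at_runtime: bool  # package actually loaded/executed under observed traffic
    exploitable: bool      # public exploit exists or exploitation seen in the wild
    exposed: bool          # topology: workload reachable from an untrusted network
    applicable: bool       # vulnerable platform/configuration is actually in use


# Assumed multipliers: each signal scales the normalised severity.
REACHABLE = {True: 1.0, False: 0.25}
RUNTIME = {True: 1.0, False: 0.5}
EXPLOITABLE = {True: 2.0, False: 1.0}
EXPOSED = {True: 1.5, False: 0.75}


def risk_score(f: Finding) -> float:
    """Contextual risk: applicability is a hard gate, the other signals scale CVSS."""
    if not f.applicable:
        return 0.0  # e.g. a Windows-only bug in a Linux container: nothing to fix
    return (f.cvss / 10.0
            * REACHABLE[f.reachable]
            * RUNTIME[f.used_at_runtime]
            * EXPLOITABLE[f.exploitable]
            * EXPOSED[f.exposed])


def triage_tier(f: Finding) -> str:
    """Map a score to an action bucket (thresholds are assumed values)."""
    s = risk_score(f)
    if s >= 1.0:
        return "fix now"
    if s >= 0.3:
        return "schedule"
    return "backlog"


def prioritize(findings):
    """Findings ordered by contextual risk, highest first (the SCA 2.0 order)."""
    return sorted(findings, key=risk_score, reverse=True)


def cvss_only(findings):
    """Findings ordered by CVSS alone (the SCA 1.0 order), for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed sample findings; ids and package names are placeholders.
SAMPLE = [
    Finding("F1", "pkg-a", 9.8, reachable=False, used_at_runtime=False,
            exploitable=False, exposed=False, applicable=True),
    Finding("F2", "pkg-b", 7.5, reachable=True, used_at_runtime=True,
            exploitable=True, exposed=True, applicable=True),
    Finding("F3", "pkg-c", 9.1, reachable=True, used_at_runtime=True,
            exploitable=True, exposed=True, applicable=False),
    Finding("F4", "pkg-d", 5.3, reachable=True, used_at_runtime=True,
            exploitable=False, exposed=False, applicable=True),
    Finding("F5", "pkg-e", 8.1, reachable=True, used_at_runtime=False,
            exploitable=True, exposed=True, applicable=True),
]

if __name__ == "__main__":
    print("CVSS-only order:", [f.ident for f in cvss_only(SAMPLE)])
    print("Contextual order:")
    for f in prioritize(SAMPLE):
        print(f"  {f.ident} {f.package:6} cvss={f.cvss:4} "
              f"score={risk_score(f):.3f} -> {triage_tier(f)}")
```

The applicability gate runs first because a finding that cannot apply to the deployed platform has no risk to scale; the remaining signals are multiplicative so that a single missing precondition (not reachable, not loaded) pulls a high-severity finding down without hiding it entirely.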